Korat: Automated Testing Based on Java Predicates
CS751 Presentation by Radu Stoleru, University of Virginia, 1/23/2003
C. Boyapati, S. Khurshid, D. Marinov


Slide 2: Roadmap
- Why do they do it?
  - Statement of the Problem
  - State of the Art
- What do they do?
- How do they do it?
  - Test Input Generation
  - Checking Correctness
- Results & Evaluation
- Questions & Comments

Slide 3: Roadmap

Slide 4: Why do they do it?
Automated Testing. Why improve testing?
- Through manual testing:
  - significant errors are not found
  - it takes 30% of development time
- automated testing is an industry standard validation
Automated Testing consists of:
- automated generation of test cases from specifications
- automated execution of test cases
- automated validation

Slide 5: Why do they do it?
Specification-based testing:
- Z specification, UML statechart – no linked data structs
- TestEra framework ('01) – new specification language
- JML+JUnit ('01) – no test case generation
Static Analysis
- Extended Static Checker ('98) – no complex structs
- TVLA ('98) – only limited program properties
Software model checking
- JavaPathFinder ('00), VeriSoft ('98) – no linked data structs

Slide 6: Why do they do it?
Korat:
- automated generation of test cases for complex structs
- complete evaluation of correctness
- automatically generates counter-examples
- no new specification language
[table, cell marks lost in extraction: columns Testing Framework, JUnit, JML+JUnit, Korat; rows generating test cases, generating test oracle, running tests]

Slide 7: Roadmap

Slide 8: What do they do?
- use JML for formal specification (class invariants, preconditions, postconditions)
- generate test inputs using preconditions
  - builds Java predicate
  - builds a skeleton finitization
  - prunes input state space
  - generates isomorph-free test cases
- evaluate correctness using postconditions
  - using JML/JUnit

Slide 9: Roadmap

Slide 10: Example

    import java.util.*;

    class BinaryTree {
        //@ public invariant repOk();
        Node root;
        int size;

        static class Node {
            Node left;
            Node right;
        }

        /*@ public requires ... ensures ... @*/
        void remove(Node n) { /* ... */ }

        // Class invariant: the nodes reachable from root form a tree
        // (no node reached twice) and their count equals size.
        boolean repOk() {
            if (root == null) return size == 0;
            Set visited = new HashSet();
            visited.add(root);
            // Declared as LinkedList so that removeFirst() is available.
            LinkedList workList = new LinkedList();
            workList.add(root);
            while (!workList.isEmpty()) {
                Node current = (Node) workList.removeFirst();
                if (current.left != null) {
                    if (!visited.add(current.left)) return false;   // node reached twice
                    workList.add(current.left);
                }
                if (current.right != null) {
                    if (!visited.add(current.right)) return false;  // node reached twice
                    workList.add(current.right);
                }
            }
            if (visited.size() != size) return false;
            return true;
        }
    }

Slide 11: Input Size
- 5 non-isomorphic solutions for 3 nodes:
  [figure: the five binary trees over nodes N0, N1, N2, edges labeled left/right]
- (n+1)^(2n+1) candidates for n nodes (2^92 for 12 nodes)
- how to find them quickly?

Slide 12: Search
Korat search algorithm:

    void koratSearch(Predicate p, Finitization f) {
        initialize(f);
        while (hasNextCandidate()) {
            Object candidate = nextCandidate();
            try {
                // a candidate is valid when the predicate holds on it
                if (p.invoke(candidate))
                    output(candidate);
            } catch (Throwable t) {}
            backtrack();
        }
    }

- given a predicate and a finitization, candidate inputs are generated
- inputs are validated by invoking the predicate on them

Slide 13: Finitization
- a set of bounds that limits the size of the input
- Class Domain := a set of objects from one class: {N0, N1, N2}
- Field Domain := a set of values a field can take. For Node.left it is {null, N0, N1, N2}

    Finitization finBinaryTree(int n, int min, int max) {
        Finitization f = new Finitization(BinaryTree.class);
        ObjSet nodes = f.createObjects("Node", n);
        nodes.add(null);
        f.set("root", nodes);                    // Field Domain
        f.set("size", new IntSet(min, max));     // Field Domain
        f.set("Node.left", nodes);               // Field Domain
        f.set("Node.right", nodes);              // Field Domain
        return f;
    }

- generated automatically by Korat
- can be further specialized

Slide 14: State Space
using a finitization, Korat:
- allocates a given number of objects
- constructs candidate vectors using object fields:
  - 'root', 'left', 'right': {null, N0, N1, N2}
  - size: {3}

    BinaryTree   | N0          | N1          | N2
    root   size  | left  right | left  right | left  right

[figure: candidate structure over N0, N1, N2 with left/right edges]: [N0, 3, N1, N1, null, null, null, null]

Slide 15: Search
for each candidate vector, Korat:
- invokes repOk() and monitors the execution
- builds a field ordering (list of fields ordered by the accessed time)
- if repOk() returns true, output the structure
- if repOk() returns false, backtracks on the last accessed field, using the field ordering

Slide 16: Search
- when repOk() returns false, the field ordering is: |root, N0.left, N0.right|
  [figure: candidate structure over N0, N1, N2] [N0, 3, N1, N1, null, null, null, null]
- backtracking on N0.right gives the next candidate (increments the field domain index for the field that is last in the field ordering):
  [figure: candidate structure over N0, N1, N2] [N0, 3, N1, N2, null, null, null, null]

Slide 17: Search
  [figure: candidate structure over N0, N1, N2] [N0, 3, N1, N1, null, null, null, null]
  [figure: candidate structure over N0, N1, N2] [N0, 3, N1, N2, null, null, null, null]
- with backtracking, Korat prunes 4^4 candidates of type: [N0, 3, N1, N1, _, _, _, _]

Slide 18: Nonisomorphism
- two candidates are isomorphic if:
    ;  o, o’  O C,r ;  f  fields(o) ;  p  P. o.f == o’ in C  (o).f ==  (o’) in C’ and o.f == p in C  (o).f == p in C’
- isomorphism => state space partitioned
- only the lexicographically smallest candidate is generated
- it is used to increment field domain indices by more than 1.
[figure: candidate structures over N0, N1, N2]

Slide 19: Nonisomorphism-Algorithm
[figure: two candidate structures over N0, N1, N2, one with a left edge and one with a right edge]
|root, N0.left, N0.right, N2.left, N2.right|
backtracking on a field f (pointer to object o_f of class c_f):
class domain: c_f {N0, N1, N2}
    [N0, 3, N2, null, null, null, null, null]
    [N0, 3, N2, null, null, null, null, N1] (?)
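
The search of slides 12 to 19, run end to end on the BinaryTree example with 3 nodes and size {3}. This is an added example, not code from the presentation or from Korat itself; the class name MiniKorat, the integer encoding of the candidate vector, and the symmetry rule used (a field may point to an already touched node or to one new node) are assumptions made for this example.

```java
import java.util.*;

// Added illustration, not Korat's own code. Candidate vector layout (assumed):
// [root, size, N0.left, N0.right, N1.left, N1.right, N2.left, N2.right]
public class MiniKorat {
    static final int N = 3, ROOT = 0, SIZE = 1;       // size domain is {N}
    static int[] v = new int[2 + 2 * N];              // 0 = null, k = node N(k-1)
    static List<Integer> order = new ArrayList<>();   // field ordering of one run

    static int get(int slot) {                        // monitored field read
        if (!order.contains(slot)) order.add(slot);
        return slot == SIZE ? N : v[slot];
    }
    static boolean repOk() {                          // the slide's repOk() over the vector
        int root = get(ROOT);
        if (root == 0) return get(SIZE) == 0;
        Set<Integer> visited = new HashSet<>(List.of(root));
        Deque<Integer> work = new ArrayDeque<>(List.of(root));
        while (!work.isEmpty()) {
            int cur = work.removeFirst();
            for (int side = 0; side < 2; side++) {    // left, then right
                int child = get(2 * cur + side);      // node k owns slots 2k, 2k+1
                if (child == 0) continue;
                if (!visited.add(child)) return false; // node reached twice
                work.add(child);
            }
        }
        return visited.size() == get(SIZE);
    }
    static int[] search(boolean breakSymmetry) {      // returns {tried, valid}
        Arrays.fill(v, 0);
        for (int tried = 1, valid = 0; ; tried++) {
            order.clear();
            if (repOk()) valid++;
            boolean advanced = false;
            while (!advanced && !order.isEmpty()) {   // backtrack on last accessed field
                int slot = order.remove(order.size() - 1);
                int seen = 0;                         // highest node touched earlier
                for (int s : order) seen = Math.max(seen, v[s]);
                int max = slot == SIZE ? 0 : breakSymmetry ? Math.min(N, seen + 1) : N;
                if (v[slot] < max) { v[slot]++; advanced = true; } else v[slot] = 0;
            }
            if (!advanced) return new int[] {tried, valid};
        }
    }
    public static void main(String[] args) {
        for (boolean b : new boolean[] {false, true})
            System.out.println("breakSymmetry=" + b + " -> " + Arrays.toString(search(b)));
    }
}
```

Running main prints, for each mode, the number of candidates on which repOk() was invoked and the number of valid structures found, so the effect of field-ordering backtracking alone can be compared with backtracking plus isomorphism breaking.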

Slide 20: Generating Test Cases
to generate test inputs for method m, Korat:
- builds a class that represents m's inputs
- builds repOk() that checks m's precondition
- generates all inputs that satisfy repOk()

    class BinaryTree_remove {
        //@ invariant repOk();
        BinaryTree This;
        BinaryTree.Node n;
        boolean repOk() {
            return This.repOk() && This.has(n);
        }
    }

    class BinaryTree {
        //@ invariant repOk();
        // ...
        //@ requires has(n);
        void remove(Node n) { /* ... */ }
    }

Slide 21: Checking Correctness
Korat uses:
- JML toolset for generating oracles
- JUnit for executing tests and reporting errors
to test a method m, Korat invokes m on each input and tests the output using the oracle

Slide 22: Roadmap

Slide 23: Results & Evaluation
Columns: Benchmark, Size, State Space, Structs Generated, Time (sec)
Rows (values mostly lost in extraction; surviving fragments kept as extracted): BinaryTree , HeapArray ,005, LinkedList ,140 4,213, TreeMap HashSet , AVTree ,

Slide 24: Results & Evaluation
Columns: Benchmark, Method, Max Size, Test Cases, Gen Time (sec), Test Time (sec)
Rows (values mostly lost in extraction; surviving fragments kept as extracted):
    BinaryTree  remove
    HeapArray   extractMax  613,
    LinkedList  reverse
    TreeMap     put         819,
    HashSet     add         713,
    AVTree      lookup      427,

Slide 25: Roadmap

Slide 26: Questions & Comments
- non-Java environments?
- clear enough explanations for algorithms?
- proof for the search algorithm?
- paper quality: outstanding / good / bad / awful?
- anything else you want to add?